Merge branch 'main' into chore/goreleaser-write

Author: lucacome

.github/workflows/ci.yml

@@ -11,6 +11,9 @@ on:
       - main
   schedule:
     - cron: "0 5 * * *" # runs every day at 5am UTC
+  merge_group:
+    types:
+      - checks_requested
 
 defaults:
   run:
@@ -105,7 +108,7 @@ jobs:
       - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 # v6.0.0
         with:
-          version: v2.2.0 # renovate: datasource=github-tags depName=goreleaser/goreleaser
+          version: v2.3.1 # renovate: datasource=github-tags depName=goreleaser/goreleaser
           args: release --clean
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/codeql-analysis.yml

@@ -10,6 +10,9 @@ on:
       - main
   schedule:
     - cron: "33 16 * * 3" # run every Wednesday at 16:33 UTC
+  merge_group:
+    types:
+      - checks_requested
 
 concurrency:
   group: ${{ github.ref_name }}-codeql
@@ -55,7 +58,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6
+        uses: github/codeql-action/init@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7
         with:
           languages: ${{ matrix.language }}
           build-mode: ${{ matrix.build-mode }}
@@ -67,6 +70,6 @@ jobs:
           # queries: security-extended,security-and-quality
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6
+        uses: github/codeql-action/analyze@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7
         with:
           category: "/language:${{matrix.language}}"

.github/workflows/dependency-review.yml

@@ -3,6 +3,9 @@ on:
   pull_request:
     branches:
       - main
+  merge_group:
+    types:
+      - checks_requested
 
 concurrency:
   group: ${{ github.ref_name }}-deps-review
@@ -18,6 +21,10 @@ jobs:
       contents: read # for actions/checkout
       pull-requests: write # for actions/dependency-review-action to post comments
     steps:
+      - name: Skip on Merge Group
+        run: exit 0 # Artifically flag as successful, as this is a required check for branch protection.
+        if: github.event_name == 'merge_group'
+
       - name: Checkout Repository
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 

.github/workflows/lint.yml

@@ -4,6 +4,9 @@ on:
   pull_request:
     branches:
       - main
+  merge_group:
+    types:
+      - checks_requested
 
 defaults:
   run:
@@ -18,7 +21,7 @@ permissions:
 
 jobs:
   lint:
-    name: Lint
+    name: Go Lint
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout Repository
@@ -32,7 +35,7 @@ jobs:
       - name: Lint Go
         uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6.1.0
         with:
-          version: v1.60.3 # renovate: datasource=github-tags depName=golangci/golangci-lint
+          version: v1.61.0 # renovate: datasource=github-tags depName=golangci/golangci-lint
 
   actionlint:
     name: Actionlint
@@ -42,7 +45,7 @@ jobs:
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
       - name: Lint Actions
-        uses: reviewdog/action-actionlint@4f8f9963ca57a41e5fd5b538dd79dbfbd3e0b38a # v1.54.0
+        uses: reviewdog/action-actionlint@05c9d7bef25a46caf572df3497afa7082fc111df # v1.55.0
         with:
           actionlint_flags: -shellcheck ""
 
@@ -54,7 +57,7 @@ jobs:
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
       - name: Lint Markdown
-        uses: DavidAnson/markdownlint-cli2-action@b4c9feab76d8025d1e83c653fa3990936df0e6c8 # v16.0.0
+        uses: DavidAnson/markdownlint-cli2-action@db43aef879112c3119a410d69f66701e0d530809 # v17.0.0
         with:
           config: .markdownlint-cli2.yaml
           globs: "**/*.md"
@@ -67,4 +70,4 @@ jobs:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
       - name: Lint YAML
-        uses: reviewdog/action-yamllint@4e4ba96d03a0e12a0e71c29e5fef1db309d09201 # v1.18.0
+        uses: reviewdog/action-yamllint@e09f07780388032a624e9eb44a23fd1bbb4052cc # v1.19.0

.github/workflows/scorecard.yml

@@ -57,6 +57,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6
+        uses: github/codeql-action/upload-sarif@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7
         with:
           sarif_file: results.sarif

.pre-commit-config.yaml

@@ -24,12 +24,12 @@ repos:
       - id: detect-private-key
 
   - repo: https://github.com/golangci/golangci-lint
-    rev: v1.60.3
+    rev: v1.61.0
     hooks:
       - id: golangci-lint-full
 
   - repo: https://github.com/gitleaks/gitleaks
-    rev: v8.18.4
+    rev: v8.19.2
     hooks:
       - id: gitleaks
 

Makefile

@@ -1,5 +1,5 @@
 # renovate: datasource=github-tags depName=golangci/golangci-lint
-GOLANGCI_LINT_VERSION = v1.60.3
+GOLANGCI_LINT_VERSION = v1.61.0
 
 test: unit-test test-integration test-integration-no-stream-block clean
 

docker/Dockerfile

@@ -1,4 +1,4 @@
-# syntax=docker/dockerfile:1.9
+# syntax=docker/dockerfile:1.10
 FROM debian:12-slim
 
 LABEL maintainer="NGINX Docker Maintainers <[email protected]>"